Many new applications have begun to emerge with the expanding deployment of cellular network infrastructure. The machine-to-machine (M2M) market is one specific segment that has gained considerable widespread usage. This fast-growing market is predicted to see billions of machines interconnected in a near future.
A typical M2M system comprises a M2M device, an M2M server, a network part (including logical function entities such as a network element of an access network, a network element of a core network, . . . ). The M2M server stores related data information of M2M devices or groups for providing M2M services. For example, the M2M device is a water or electricity meters, and the M2M server is a reading and processing server for the water or electricity meter, which stores the configuration information of the water or electricity meter and processes the data read from the meters accordingly.
M2M devices differ from other ordinary network subscribers primarily with respect to data usage; M2M devices typically are not flexibly accessed or programmed; and their software is not written to operate with the wide variety of services that a human subscriber can handle.
In today's M2M system, the data generated by the M2M device can be sent to a M2M server directly via the network. In another embodiment, the data generated by the M2M device is sent to the M2M server through a M2M gateway. Once the data has reached the M2M server, it can be made available or distributed to other consumer entities (referred to as resource consumers) such as connected actuators or data processors.
A drawback to the aforementioned M2M architecture is that there are several potential security risks. Indeed, M2M devices which are placed in unprotected publicly accessible locations may be fraudulently modified or otherwise tampered with. Corrupted terminals may be used to attack the M2M system and/or the network. Perpetrators of such fraud may target an M2M user (e.g. via denial of service attacks, man-in-the-middle attacks, message blocking, etc.), and/or the Public Land Mobile Network (PLMN) operators (e.g., via theft of service, etc.). Furthermore, unlike personally owned terminals, the unsupervised nature of M2M devices complicates the detection and reporting of fraudulent usage or modification.
Once the data generated by the M2M device has reached the M2M server, it can be made available or distributed to other destination entities (referred to as resource consumer applications) such as data processors.
The architecture for M2M system implies two distinct communication channels, typically associated to different credentials: one from the object to the M2M server and another from the M2M server to a destination entity, in consequence there is no end-to-end security between the destination entities and the source of the data (the M2M device). The architecture is typically the following where there are two communications hops protected by different credentials. The data is revealed at M2M server and can be published to other entities.
In this case the M2M server can be hacked and/or used in fraudulent way to track user data. In the case where the M2M server is operated by a third party M2M Service provider (as standardized by ETSI TC M2M or the oneM2M Partnership), this service provider has to be trusted by the M2M application for manipulating unencrypted data that may be confidential or private.
There is a need for an end-to-end security for machine-to-machine communications. Specifically, there is a need to protect the data transmitted between a M2M device to a destination entity through a M2M server.